December 6, 2016
Everyone in the technology world understands the need for data security. At any hour of the day, hackers and other malicious actors may be using malware and viruses to poke and prod at your environment for weak points. Others prefer phishing. The people behind a phishing attack try to manipulate a company's employees into handing over the information or access they need to carry out their plans. The most dangerous threats, however, combine direct hacking and phishing in one coordinated attack.
One of Mindsight’s clients was recently the target of such an attack. Through an elaborate phishing attempt, hackers tried to steal tens of thousands of dollars in a plot that spanned the globe.
The Coordinated Attack
The attack took place in multiple phases in a strategic attempt to manipulate employees and convince them to unwittingly hand over money. It sounds outlandish, but truth is stranger than fiction.
The company that was almost hit by this strike is a national manufacturer and though their products are sold in the U.S., they have a number of international partnerships to support their operation.
Phase 1: Data Center Hack
The attack began inconspicuously. The hackers targeted a South Korean-based data center that housed some of the company’s files and data. Rather than steal all of this information, the hackers were after something specific. Once they breached the data center’s security, they searched through the company’s files to find the company’s accounting information and an accounting department contact directory.
Phase 2: Establish a False Identity
With the information they needed, the hackers learned how the accounting department operated and prepared their phishing attempt. They set up a domain name and email account in the Czech Republic and chose a domain extremely similar to the one used by the company. The only difference was an extra "l" in the address. At a quick glance, one wouldn't notice the difference between the fake domain and a real member of the company.
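Screening inbound mail for near-miss domains like the extra-"l" one described above is a check a defender can automate. The following is an added example, not Mindsight's or the client's code; the company domain `acme-mills.com` and the sender addresses in it are constructed placeholders:

```python
"""Flag sender domains that are near-misses of the company's own domain.

Added example. LEGIT_DOMAIN and the addresses below are constructed
placeholders, not the client's real data.
"""
import re

LEGIT_DOMAIN = "acme-mills.com"  # constructed placeholder for the company domain


def levenshtein(a: str, b: str) -> int:
    """Edit distance: insertions, deletions and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Extract the domain from 'Name <user@host>' or 'user@host', lower-cased."""
    m = re.search(r"@([A-Za-z0-9.-]+)", address)
    return m.group(1).lower() if m else ""


def classify_sender(address: str, legit: str = LEGIT_DOMAIN, max_dist: int = 2) -> str:
    """Return 'internal', 'lookalike' or 'external' for a From: address.

    An extra character (the trick in the story) is a single insertion, so
    it lands at distance 1 and is reported as a lookalike.
    """
    domain = sender_domain(address)
    if domain == legit or domain.endswith("." + legit):
        return "internal"
    if 0 < levenshtein(domain, legit) <= max_dist:
        return "lookalike"
    return "external"


if __name__ == "__main__":
    # Constructed sample From: headers for a quick run.
    for addr in ["ap@acme-mills.com",
                 "Controller <jane@acme-millls.com>",
                 "bob@partner-bank.example"]:
        print(f"{addr:40} -> {classify_sender(addr)}")
```

A "lookalike" verdict is a signal for review (quarantine or a banner), not proof of fraud; a real mail gateway would also compare against every domain the company legitimately uses.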
Phase 3: Build Trust
Rather than immediately take advantage of the accounting department employees, the hackers needed to establish trust. They chose the appropriate personnel and, over the course of several weeks, sent innocuous emails to the accounting department. They introduced themselves, asked innocent questions, and developed a rapport with the team. The point was to become recognizable. Instead of flying under the radar, the hackers operated in broad daylight.
Phase 4: Make a Move
After trust was established, the communications stopped for a short time until the hackers felt ready to make their move. They sent an email from their fake domain to the accounting department asking them to reroute a specific recurring expense to a different bank account. Because the hackers understood the company's accounting procedures and had built a rapport with the accounting team, nothing about the request appeared out of the ordinary. Had the accounting team followed the instruction, tens of thousands of dollars would have gone directly into the hackers' bank account without anyone realizing a theft had even occurred.
A Plot Unraveled
This phishing attempt hinged on the assumption that no one would inspect the request before switching the bank accounts. Luckily, a member of the company’s IT team forwarded us the request stating that everything looked correct but something felt fishy. Once we took a closer look, the entire plot unraveled, and the phishing attempt was foiled.
This anecdote demonstrates the lengths to which hackers will go to pull off their schemes. It's not always as straightforward as a phishing email or a malware attack. Sometimes it's both, and that combination is what makes it dangerous.
Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our highly-certified engineers and process-oriented excellence have certainly been key to our success. But what really sets us apart is our straightforward and honest approach to every conversation, whether it is for an emerging business or global enterprise. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.